LetsEncrypt Challenge failed for domain when i try to get Certbot certificate

I'm trying to get an SSL certificate. When I run the sudo certbot certonly --standalone -d example.com command it gives the following error:

http-01 challenge for "example.com"
Waiting for verification...
Challenge failed for domain ""
http-01 challenge for "example.com"
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: example.com
   Type:   unauthorized
   Detail: 5.223.81.7: Invalid response from
   https://example.com/.well-known/acme-challenge/TKQORWrjpM1hyx81XCC3DpzFYI_UDnWdr3U:
   404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

When I looked at the log at /var/log/letsencrypt/letsencrypt.log, it shows the following:

  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')

How could I get an SSL certificate with certbot certonly?

Hello @lakhan0305, welcome to the Let's Encrypt community. :slightly_smiling_face:

Moved to #help
Had you created the Topic in Help you would have been presented with the following questions.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!


Port 80 is a must for the HTTP-01 challenge; see Challenge Types - Let's Encrypt.

Best Practice - Keep Port 80 Open

Also, if that is the proper IPv4 address, it is not open on ports 80 and 443.

$ nmap -Pn -p80,443 5.223.81.7
Starting Nmap 7.93 ( https://nmap.org ) at 2023-06-07 11:06 PDT
Nmap scan report for 5.223.81.7
Host is up.

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.19 seconds

Hi @lakhan0305,

The --standalone method needs to be able to bind port 80 and answer requests on it. If some other program is already using port 80, this won't work. That seems to be the case in your setup.

Since you got a 404 error on testing the challenge, I don't think that @Bruce5051's concern about firewalled ports is the explanation for your problem, and also suspect that you may have changed the IP address in your post.


Hello @schoen, @Bruce5051,
Information related to my domain:

My domain is: lakhan.xyz.net (example)
My web server is (include version): Apache/2.4.57
The operating system my web server runs on is (include version): CentOS
My hosting provider: AWS EC2
I can login to a root shell on my machine: yes
I'm using a control panel to manage my site: no
The version of my client is: certbot 1.11.0

When I updated port 80 and ran the following command:

sudo docker run -it --rm --name certbot -p 80:80 -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" certbot/certbot certonly

It gave the following error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Runs an HTTP server locally which serves the necessary validation files under
the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP server
already running. HTTP challenge only (wildcards not supported). (standalone)
2: Saves the necessary validation files to a .well-known/acme-challenge/ directory
within the nominated webroot path. A seperate HTTP server must be running and
serving files from the webroot path. HTTP challenge only (wildcards not supported).
(webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
An unexpected error occurred:
requests.exceptions.ConnectionError: ('Connection aborted.', OSError(107, 'Socket not connected'))

Do you have any thoughts on this?

If you already have Apache running, you must use Apache to handle the HTTP messages. I'd not use Docker for this, as if you do that certbot won't detect the Apache config.


This part conflicts with your situation (there is an HTTP server already running). I think that is what @orangepizza is telling you.

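The replies above reason from the shape of the failure: a 404 means some web server answered on port 80 instead of certbot's standalone listener, while a timeout points at a firewall. The script below is an added triage helper written for this thread, not code from certbot or from any poster: it classifies a certbot "IMPORTANT NOTES" block along those lines, and `webroot_probe` checks a webroot the way the http-01 validator does before you switch to `--webroot`. The sample notes block is constructed from the output quoted above; domain and webroot paths are placeholders.

```python
import re
import secrets
import urllib.request
from pathlib import Path

# Constructed sample, modelled on the error block quoted in the question (not a live run).
SAMPLE_NOTES = """\
   Domain: example.com
   Type:   unauthorized
   Detail: 5.223.81.7: Invalid response from
   https://example.com/.well-known/acme-challenge/TKQORWrjpM1hyx81XCC3DpzFYI_UDnWdr3U:
   404
"""

# (regex on the Detail text, likely cause, remedy). First match wins.
RULES = [
    (r"Invalid response from .*:\s*404",
     "a web server on port 80 answered, but not certbot (standalone never bound the port)",
     "use the plugin for the running server (certbot --apache) or --webroot -w <docroot>"),
    (r"Timeout during connect|Connection refused",
     "nothing reachable on port 80 at the address the CA resolved",
     "open port 80 in the security group/firewall and check the A/AAAA record"),
]

def classify(notes: str):
    """Return (type, cause, fix) for a certbot 'IMPORTANT NOTES' block, or None if unparsable."""
    flat = " ".join(notes.split())  # certbot wraps the Detail line; join it back together
    m = re.search(r"Type:\s*(\S+).*?Detail:\s*(.*)", flat)
    if not m:
        return None
    kind, detail = m.group(1), m.group(2)
    for pattern, cause, fix in RULES:
        if re.search(pattern, detail):
            return kind, cause, fix
    return kind, "unrecognised detail", "read /var/log/letsencrypt/letsencrypt.log"

def webroot_probe(domain: str, webroot: str, timeout: float = 5.0) -> bool:
    """Drop a random token under <webroot>/.well-known/acme-challenge/ and fetch it over
    plain HTTP from the public name, as the CA's http-01 validator will. Needs network."""
    challenge_dir = Path(webroot) / ".well-known" / "acme-challenge"
    challenge_dir.mkdir(parents=True, exist_ok=True)
    token = secrets.token_urlsafe(32)
    probe = challenge_dir / token
    probe.write_text("probe")
    try:
        url = f"http://{domain}/.well-known/acme-challenge/{token}"
        with urllib.request.urlopen(url, timeout=timeout) as r:  # follows redirects like the CA
            return r.status == 200 and r.read() == b"probe"
    except OSError:  # URLError, timeouts and DNS failures all derive from OSError
        return False
    finally:
        probe.unlink(missing_ok=True)

if __name__ == "__main__":
    print(classify(SAMPLE_NOTES))
    # print(webroot_probe("example.com", "/var/www/html"))  # placeholders; run on the real host
```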
